package com.wsz.security_fx.config;

import com.wsz.security_fx.config.filter.CustomAuthenticationFilter;
import com.wsz.security_fx.config.filter.CustomAuthorizationFilter;
import com.wsz.security_fx.service.impl.UserDetailsServerImpl;
import com.wsz.security_fx.utils.RedisOperator;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@RequiredArgsConstructor
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private final UserDetailsServerImpl userDetailsServer;//数据源
    private final RedisOperator redisOperator;//包装的redis工具类


    //暴露认证管理器
    @Bean
    @Override
    protected AuthenticationManager authenticationManager() throws Exception {
        return super.authenticationManager();
    }


    //设置认证管理器的数据源
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsServer);
    }

    //配置
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .mvcMatchers("/vc.jpg/**","/api/token/refresh/**").permitAll()//放行验证码和token刷新控制器
                .and()
                .authorizeRequests().//开启请求认证
                 anyRequest().authenticated()//除上面两个请求任何请求都要认证
                .and()
                .formLogin()//开启表单验证
                .and()
                .csrf().disable();//关闭跨域请求保护
        CustomAuthenticationFilter customAuthenticationFilter = new CustomAuthenticationFilter(redisOperator);//导入redis工具类
        customAuthenticationFilter.setAuthenticationManager(authenticationManager());//设置权限控制器
        customAuthenticationFilter.setFilterProcessesUrl("/api/login");//指定处理登录请求url
        http.addFilterBefore(customAuthenticationFilter,UsernamePasswordAuthenticationFilter.class);//将自己写过滤器放UsernamePasswordFilter前面
        http.addFilterAt(new CustomAuthorizationFilter(),UsernamePasswordAuthenticationFilter.class);//替换UsernamePasswordFilter
    }
}
